I am writing some tests for an AuthorizeAttribute class I wrote for my Web API Controllers. I am trying to mock up everything I need to be able to set the following vars within my class AuthorizeAttributeTotalAccess:
- actionName = filterContext.ActionDescriptor.ActionName;
- controllerName = filterContext.ControllerContext.ControllerDescriptor.ControllerName;
- claimsPrincipal = HttpContext.Current.User as ClaimsPrincipal;
NOTE: I am not married to HttpContext.Current and if there is another Context thaat will always have it, let me know.
My Test, so far, looks like:
using System.Collections.ObjectModel;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading;
using System.Web.Http;
using System.Web.Http.Controllers;
using BI.Security.Library.Authorization;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using NSubstitute;
namespace AppTest
{
[TestClass]
public class AttributeAuthorize
{
private AuthorizeAttributeTotalAccess _filter;
private HttpActionContext _actionContext;
private IPrincipal _originalPrincipal;
[TestInitialize]
public void SetUp()
{
var attributes = new Collection<AllowAnonymousAttribute>();
var controllerDescriptor = Substitute.For<HttpControllerDescriptor>();
controllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Returns(attributes);
controllerDescriptor.ControllerName = "Template";
var controllerContext = new HttpControllerContext
{
Request = new HttpRequestMessage(),
ControllerDescriptor = controllerDescriptor
};
// HOW DO I SET ACTIONNAME HERE???
var actionDescriptor = Substitute.For<HttpActionDescriptor>();
actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Returns(attributes);
_actionContext = new HttpActionContext(controllerContext, actionDescriptor);
_originalPrincipal = Thread.CurrentPrincipal;
_filter = new AuthorizeAttributeTotalAccess();
}
[TestCleanup]
public void TearDown()
{
Thread.CurrentPrincipal = _originalPrincipal;
}
[TestMethod]
public void Returns_unauthorized_response_if_user_is_not_authenticated()
{
_filter.OnAuthorization(_actionContext);
Assert.IsNotNull(_actionContext.Response);
Assert.AreSame(_actionContext.Response.StatusCode, HttpStatusCode.Unauthorized);
}
[TestMethod]
public void Returns_unauthorized_response_if_user_is_authenticated_but_not_in_system_roles()
{
Thread.CurrentPrincipal = GetTestUser("admin");
_filter.OnAuthorization(_actionContext);
Assert.AreSame(_actionContext.Response.StatusCode, HttpStatusCode.Unauthorized);
}
[TestMethod]
public void Short_circuits_request_if_user_is_authenticated_and_in_system_roles()
{
Thread.CurrentPrincipal = GetTestUser("admin", "ApiWriteUser");
_filter.OnAuthorization(_actionContext);
Assert.IsNull(_actionContext.Response);
}
private IPrincipal GetTestUser(params string[] roles)
{
var identity = new ClaimsIdentity(new[] {new Claim(ClaimTypes.Name, "Test User")}, "password");
roles.ToList().ForEach(a => identity.AddClaim(new Claim(ClaimTypes.Role, a)));
var claimsPrincipal = new ClaimsPrincipal(identity);
_actionContext.RequestContext.Principal = claimsPrincipal;
return claimsPrincipal;
}
}
}
What am I missing?
Again, how do I:
- Set the ActionName so it is available in the class to be tested?
- Set the HttpContext.Current so I can see the User?